TikTok, the Chinese-owned social media platform, was fined 345 million euros by a European Union regulator for breaches related to child data. The Data Protection Commission of Ireland, a key enforcer of the EU’s strict data protection regulations, issued the administrative fine after a two-year investigation. The regulator has given TikTok a three-month period to align its data processing practices with EU rules.
The inquiry, initiated in September 2021, assessed TikTok’s compliance with General Data Protection Regulation (GDPR) regarding platform settings and personal data processing for users below 18. While it found no violation in age verification for those under 13, it discovered that the platform didn’t adequately assess risks for younger registrants.
The ruling highlighted that children signing up on TikTok had their accounts defaulted to public, allowing anyone to view or comment on their content. Additionally, the “family pairing” mode, meant to link parents’ accounts with their teens’, was criticized for not verifying parent or guardian status.
Ireland is a focal point for GDPR enforcement due to hosting the European headquarters of major tech companies like TikTok, Google, Meta, and X (formerly Twitter).
TikTok, a subsidiary of the Chinese tech giant ByteDance, enjoys immense popularity among young users, with 150 million in the United States and 134 million in the European Union.
In response to the fine, TikTok stated it “respectfully disagrees” with the decision and is currently considering its next steps. The company emphasized that the criticisms pertain to features and settings that were in place three years ago, which they had already modified prior to the investigation’s commencement, such as setting all under-16 accounts to private by default.